Take-away from "Securing Intellectual Property" by syngress

Unprotected Intellectual Property(IP) is worthless IP.  An IP protection program is a must for every company.  To have a successful protection program all IP must be identified and the associated risk for each idea evaluated.  The Plan has to be built around the company, and the plan has to be implemented like any other project.  Throughout the implementation, the plan will have to be tailored to fit seamlessly with the successful business that is paying for its implementation.  Finally, the executors of the plan need to understand the plan and agree with the implementation.  With special attention paid to those factors an IP strategist sets themselves up for successful protection strategy and a happy client.

Identification is what IP strategists are trained to do from their first day in law school: identify what statutory category, if any, the idea belongs to.  Classifying the associated risk is only a little bit harder than identifying the idea.  The risk of a losing intellectual property to theft or accidental disclosure is a product of: the probability of losing the IP; the vulnerability of the idea; and the impact it would have on your business, if lost.  The probability is a number that you will have to come up with based on how unscrupulous your competition is and how closely you feel you are being watched.  Vulnerability is the adaptability of the IP.  If it's a trademark or patent then you own the rights and disclosing it shouldn't hurt you; it's vulnerability is low. if it's a list of client leads then the vulnerability is high.  The impact is a matter of dollars and cents, how much will it hurt to lose the idea to a competitor or the public.

Building the protection plan is as much a matter of accessing the vectors of threat for your IP portfolio as it is making a plan that works well and intuitive for the people who have to use it.  Books are written on how information should be secured and what vectors supply the most real threat to your IP portfolio, but it is safe to say that a security audit needs to be done and then recommendations should be made based on the results of that audit.  Once you have an idea of your weaknesses the remedies for those weaknesses will be many, and this is the all important part where the security team sorts through the possibilities and sees which ones will be the easiest and most successful to implement.  They make their decision based on the associated risk of each weakness and the cost of implementing the remedy; both monetary costs and human costs.  The most important thing is that the idea-having people not get constrained and the business not have it's profitability capped because of security measures.  Because there won't be anything to secure, if your security measures run the business into the ground.

During the implementation process, some processes will meet with resistance and some milestones will not be met.  At these times, it is important to take stock of the fact that you are there to help the people of the business do their job better.  This means that if something is not working, it's better to look at it from the view point of what you are doing wrong, because blaming the client for not being able to follow your processes is a dead end road;  It's also not what they are paying you for.

The last step is not chronologically the last step but it is the last thing you need to check off before you leave the client: the executors of the protection plan need to understand the plan and stand behind it.  Policies that are understood will be wrongly implemented or disregarded for convenience.  It's important to make sure they fully grasp how the plan works, and what it's purpose is.  Making sure they stand behind it will come secondarily if the executors of the plan understand the plan and see it's value.

Economic Espionage

U.S.C. Title 18 Part 1 Chapter 90 Section 1831 covers economic espionage.  Very basically, economic espionage is the taking of trade secrets and delivering those trade secrets to foreign entities.  It carries a penalty of up to half a million dollars and/or up to 15 years in prison for people who get caught doing it; And 10 million dollar fine for organizations that get caught doing it.  

The law requires only that the perpetrator intends their crime to benefit a foreign government, foreign instrumentality, or foreign agent.  The acts, with respect to trade secrets, that are prohibited are well enumerated.  They include all sorts of stealing, carrying away, and fraudulently inducing the trade secret owner into giving up possession of the trade secret.  The law also includes, as illegal acts, photocopying, uploading, destroying, replicating in any way, or receiving information that you know to be a trade secret.  Attempts to do any of those acts are also outlawed.  Finally conspiring with others to do any of those illegal acts is also illegal.

The law against economic espionage is broad and requires limited involvement in a scheme to steal trade secrets for the benefit of a foreign entity, for strict punishments to be imposed.  For this reason it is important that potential victims of economic espionage label all of their trade secrets as confidential.  The potentially accused must make sure that they handle other's trade secrets with utmost confidentiality, to avoid being implicated in plots to steal trade secrets.

Deciding between a Patent and a Trade secret

A Patent gives an inventor a short license to exclude others from using their invention.  A patented invention is supposed to be a new, useful, and non-obvious machine, article of manufacture, process or composition of matter; or improvements to any of those things.  A Trade secret is any secret that a business uses that is worth money to the business because of its secrecy.  Trade secrets are perpetual and a person can sue any party that steals their trade secret.

A trade secret can be had instantly for the cost of implementing security processes that make the invention a secret.  A patent takes four years and filing a patent starts at $12,000.  When you apply for a patent, whether or not you are awarded the patent, the patent becomes public information (with few exceptions).  When you decide to make something a trade secret, you keep it a secret and it does not become public information.  A trade secret runs the risk of being the subject of a patent by a third party, in that case the trade secret user could be held to be infringing on the patent owned by the third party; independent creation of an invention is no defense to allegations of patent infringement.  Patent law is more protective than trade secret law in that it allows for remedies against infringers regardless of the infringers' intent.  Trade secret law only allows for remedies against people and businesses who steal the trade secret from the trade secret owner.

The valuable information that can be protected by trade secrets is much broader than the inventions that can be protected by patents.  A good rule of thumb is that if your invention can be easily reversed engineered then you should get a patent, if it makes economic sense to do so.